PT-2026-52029 · Warpdotdev · Warp
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-48725
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable 00 until 0.2026.05.06.15.42.stable 01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger clipboard reads or writes without a separate confirmation step. This crosses the trust boundary between untrusted terminal output and the user's local desktop clipboard. This vulnerability is fixed in 0.2026.05.06.15.42.stable 01.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Warp